2011-03-04 22:37:10 +00:00
/*
 * Copyright (c) 2010 Your File System Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*!
 * Test those bits of the authcon interface that we can test without involving
 * the cache manager.
 */

#include <afsconfig.h>
#include <afs/param.h>

#include <roken.h>

#include <rx/rx.h>
#include <rx/rxkad.h>
Move key-related warnings to common server code

Each server process can log a couple of different warnings about the
server keys found on disk:

- If afsconf_GetLatestKey() returns success (indicating a single-DES
  key is present), we call LogDesWarning().
- If afsconf_CountKeys() returns 0 (indicating there are no keys at
  all on disk), we log a warning that all authenticated access will
  fail.

Currently, the code to do these checks and log the relevant warning is
duplicated across the startup code for nearly every server process. To
avoid this duplication, and to make sure the checks aren't
accidentally skipped for anyone, move these checks to
afsconf_BuildServerSecurityObjects, which every server process calls.

We must add an additional parameter to
afsconf_BuildServerSecurityObjects to handle the different logging
mechanism these servers use, but afsconf_BuildServerSecurityObjects is
declared in a public header (cellconfig.h), and is exported in a
public library (libafsauthent). So to avoid changing a public symbol,
introduce a new variant of the function, called
afsconf_BuildServerSecurityObjects_int. Declare this in a new internal
header, authcon.h.

We don't have easily-usable logging functions for upserver and butc,
so just don't log the warnings for those. For ubik servers, don't
update ubik_SetServerSecurityProcs to use the new function; the
initial call to afsconf_BuildServerSecurityObjects_int in the server's
startup code will cover logging the warning on startup.

Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59
Reviewed-on: https://gerrit.openafs.org/10831
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
2014-02-10 21:57:43 +00:00
#include <afs/authcon.h>
2011-03-04 22:37:10 +00:00
#include <afs/cellconfig.h>

2012-05-07 21:52:16 +01:00
#include <tests/tap/basic.h>
2011-03-04 22:37:10 +00:00
#include "common.h"

int
main(int argc, char **argv)
{
    struct afsconf_dir *dir;
    char *dirname;
    struct rx_securityClass **classes;
2011-03-05 23:09:18 +00:00
    struct rx_securityClass *secClass;
    int secIndex;
2011-03-04 22:37:10 +00:00
    int numClasses;
2011-03-05 23:09:18 +00:00
    struct afsconf_typedKey *key;
2012-09-20 00:14:31 +01:00
    int code = 0;
2014-02-10 21:57:43 +00:00
    struct afsconf_bsso_info bsso;
2021-04-01 06:12:43 +01:00
    struct afstest_configinfo bct;
2014-02-10 21:57:43 +00:00

    memset(&bsso, 0, sizeof(bsso));
2021-04-01 06:12:43 +01:00
    memset(&bct, 0, sizeof(bct));
2011-03-04 22:37:10 +00:00

2013-02-17 18:29:38 +00:00
    afstest_SkipTestsIfBadHostname();

2018-03-04 23:33:47 +00:00
    plan(8);
2021-04-01 06:12:43 +01:00

    bct.skipkeys = 1;
    dirname = afstest_BuildTestConfig(&bct);
2011-03-04 22:37:10 +00:00

    dir = afsconf_Open(dirname);
    if (dir == NULL) {
        fprintf(stderr, "Unable to configure directory.\n");
2012-09-20 00:14:31 +01:00
        code = 1;
        goto out;
2011-03-04 22:37:10 +00:00
    }

2011-03-13 15:45:37 +00:00
    rx_Init(0);

2011-03-04 22:37:10 +00:00
    /* Server Security objects */

2014-02-10 21:57:43 +00:00
    bsso.dir = dir;
    afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses);
2018-03-04 23:33:47 +00:00
    is_int(5, numClasses, "5 security classes are returned, as expected");
2011-03-04 22:37:10 +00:00
    ok(classes[1] == NULL, "The rxvab class is undefined, as requested");
    free(classes);

2011-03-05 23:09:18 +00:00
    /* Up to date checks */

    ok(afsconf_UpToDate(dir), "Newly opened directory is up to date");
    is_int(0, afsconf_AddKey(dir,
                             1, "\x19\x16\xfe\xe6\xba\x77\x2f\xfd", 0),
           "Adding key worked");
    ok(!afsconf_UpToDate(dir), "Directory with newly added key isn't");
    afsconf_ClientAuth(dir, &secClass, &secIndex);
    ok(afsconf_UpToDate(dir), "afsconf_ClientAuth() resets UpToDate check");
    afsconf_DeleteKey(dir, 1);
    ok(!afsconf_UpToDate(dir), "Directory with newly deleted key isn't");
    afsconf_GetLatestKeyByTypes(dir, afsconf_rxkad, 0, &key);
    ok(afsconf_UpToDate(dir), "afsconf_GetLatestKeyByTypes resets UpToDate");

2012-09-20 00:14:31 +01:00
out:
tests: Generalize temp dir management

Currently, afstest_BuildTestConfig calls afstest_mkdtemp (our thin
wrapper around mkdtemp) to create its temporary config dir. We may
want to make new tests, though, that create a temp dir for other
purposes. To make that easier, move a little more code into
afstest_mkdtemp, so the caller doesn't need to construct the template.

To allow callers to clean up such temporary dirs, change
afstest_UnlinkTestConfig into a more general function,
afstest_rmdtemp. Allow this new function to remove all files in a dir,
not just files one-level-deep. To avoid needing to write our own
traversal and removal logic, just run 'rm -rf' via a new function,
afstest_systemlp().

Move these temp dir-related functions from config.c into files.c,
since they are no longer specific to config dirs.

Change-Id: I16750a2f30e98c9ca2e14dfb7d3fc9bc5d456e8d
Reviewed-on: https://gerrit.openafs.org/14632
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
2020-07-02 03:18:04 +01:00
    afstest_rmdtemp(dirname);
2012-09-20 00:14:31 +01:00
    return code;
2011-03-04 22:37:10 +00:00
}
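
The design described in the "Move key-related warnings to common server code" commit message, as an added example that is not OpenAFS code: both key checks live in one internal variant that takes an info struct with an optional logger, while the public entry point keeps its signature and calls the variant without a logger. Every name here (keydir, bsso_info, build_security_objects, build_security_objects_int, capture_logger) is hypothetical, the key directory is a constructed stand-in, and the functions return a bitmask of the warnings raised instead of security classes so the behaviour can be checked.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the key directory; not OpenAFS's afsconf_dir. */
struct keydir { int n_keys; int has_des_key; };
/* Hypothetical info struct for the internal variant; logger may be NULL. */
struct bsso_info { const struct keydir *dir; void (*logger)(const char *fmt, ...); };
enum { WARN_DES_KEY = 1, WARN_NO_KEYS = 2 };

/* Internal variant: the one place where both key checks live. */
int build_security_objects_int(const struct bsso_info *info)
{
    int warnings = (info->dir->has_des_key ? WARN_DES_KEY : 0)
                 | (info->dir->n_keys == 0 ? WARN_NO_KEYS : 0);
    if (info->logger != NULL && (warnings & WARN_DES_KEY))
        info->logger("warning: single-DES key found on disk\n");
    if (info->logger != NULL && (warnings & WARN_NO_KEYS))
        info->logger("warning: no keys on disk, authenticated access will fail\n");
    return warnings;
}

/* Public entry point: signature unchanged, so the exported symbol is stable. */
int build_security_objects(const struct keydir *dir)
{
    struct bsso_info info;
    memset(&info, 0, sizeof(info));
    info.dir = dir;
    return build_security_objects_int(&info);
}

/* Sample logger: records the last message so the result can be inspected. */
static char last_log[128];
static int log_calls;
static void capture_logger(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof(last_log), fmt, ap);
    va_end(ap);
    log_calls++;
}

int main(void)
{
    struct keydir empty = { 0, 0 };               /* constructed: no keys */
    struct bsso_info info = { &empty, capture_logger };
    int w = build_security_objects_int(&info);
    printf("warnings=%d logged=%d: %s", w, log_calls, last_log);
    return 0;
}
```

A caller that goes through the public wrapper still has the checks evaluated but logs nothing, which mirrors what the commit message says about upserver and butc.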